This repository was archived by the owner on Nov 24, 2025. It is now read-only.

Add CiaB expose-ports.yml, remove default expose #3270

Merged: dangogh merged 4 commits into apache:master from rob05c:add-ciab-expose-ports-compose on Jan 31, 2019

rob05c commented Jan 28, 2019

Adds a separate docker-compose yml file to expose service ports,
and removes exposing ports from the default docker-compose.yml.

This allows multiple CiaB to run on the same host, as well as allowing
running a CiaB on a host already using a port, while allowing the
old behavior of exposing by chaining composes, via:

docker-compose -f docker-compose.yml -f docker-compose.expose-ports.yml up

What does this PR do?

Fixes #(issue_number)

Which TC components are affected by this PR?

  • Documentation
  • Grove
  • Traffic Analytics
  • Traffic Monitor
  • Traffic Ops
  • Traffic Ops ORT
  • Traffic Portal
  • Traffic Router
  • Traffic Stats
  • Traffic Vault
  • Other CiaB

What is the best way to verify this PR?

Verify docker-compose -f docker-compose.yml -f docker-compose.expose-ports.yml up emulates old behavior, CiaB comes up, https://localhost is served on the host.

Verify docker-compose -f docker-compose.yml up brings up a CiaB and docker exec -it cdn-in-a-box_trafficvault_1 curl -Lvsk http://video.demo1.mycdn.ciab.test returns the web page as expected, but https://localhost is not served on the host.

Check all that apply

  • This PR includes tests
  • This PR includes documentation updates
  • This PR includes an update to CHANGELOG.md
  • This PR includes all required license headers
  • This PR includes a database migration (ensure that migration sequence is correct)
  • This PR fixes a serious security flaw. Read more: www.apache.org/security

rob05c added the "new feature" and "cdn-in-a-box" labels Jan 28, 2019

asfgit commented Jan 28, 2019

Refer to this link for build results (access rights to CI server needed):
https://builds.apache.org/job/trafficcontrol-PR/3111/
Test PASSed.

ghost commented Jan 30, 2019

Rob, I reviewed this PR and everything works with changes to the main CiaB docker-compose.yml. I noticed the optional containers still had the expose ports baked in, so I went ahead and PR'd the changes to your branch.

My testing procedure:

# from ./infrastructure/cdn-in-a-box
alias mydc="docker-compose "` \
        `"-f $PWD/docker-compose.yml "` \
        `"-f $PWD/docker-compose.expose-ports.yml "` \
        `"-f $PWD/optional/docker-compose.socksproxy.yml "` \
        `"-f $PWD/optional/docker-compose.socksproxy.expose-ports.yml "` \
        `"-f $PWD/optional/docker-compose.vnc.yml "` \
        `"-f $PWD/optional/docker-compose.vnc.expose-ports.yml "
mydc kill && mydc rm -fv && docker volume prune -f
make very-clean && make -j 7
mydc build
mydc up

Output from mydc ps:

$ mydc ps
                 Name                                Command               State                    Ports                 
--------------------------------------------------------------------------------------------------------------------------
cdn-in-a-box_db_1_f396593a9871            docker-entrypoint.sh postgres    Up       0.0.0.0:5432->5432/tcp                
cdn-in-a-box_dns_1_92688e3205bb           /sbin/entrypoint.sh /usr/s ...   Up       0.0.0.0:9353->53/tcp, 53/udp          
cdn-in-a-box_edge_1_b950b8c7a528          /bin/sh -c /run.sh               Up       0.0.0.0:9000->80/tcp                  
cdn-in-a-box_enroller_1_e4b91ff6a298      /bin/sh -c /run.sh               Up                                             
cdn-in-a-box_mid_1_7d3e434a9251           /bin/sh -c /run.sh               Up       0.0.0.0:9100->80/tcp                  
cdn-in-a-box_origin_1_27b3134e9a44        /bin/sh -c /run.sh               Up       0.0.0.0:9200->80/tcp                  
cdn-in-a-box_socksproxy_1_19c749771207    /run.sh                          Up       0.0.0.0:9080->1080/tcp                
cdn-in-a-box_tccache_1_6528e62f7369       /bin/sh -c exit                  Exit 0                                         
cdn-                                      /bin/sh -c /run.sh               Up       0.0.0.0:80->80/tcp                    
in-a-box_trafficmonitor_1_47e8ba19ea54                                                                                    
cdn-in-a-box_trafficops-                  /bin/sh -c /run.sh               Up       0.0.0.0:60443->443/tcp                
perl_1_3fe4a3118e92                                                                                                       
cdn-in-a-box_trafficops_1_ac908a5f25bd    /bin/sh -c /run-go.sh            Up       0.0.0.0:6443->443/tcp                 
cdn-                                      /bin/sh -c /run.sh               Up       0.0.0.0:443->443/tcp                  
in-a-box_trafficportal_1_19c4ff275bfa                                                                                     
cdn-                                      /bin/sh -c /run.sh               Up       0.0.0.0:3333->3333/tcp,               
in-a-box_trafficrouter_1_7c533ec1c0a8                                               0.0.0.0:3443->443/tcp,                
                                                                                    0.0.0.0:3053->53/tcp,                 
                                                                                    0.0.0.0:3080->80/tcp                  
cdn-                                      /bin/sh -c /run.sh               Up       0.0.0.0:8087->8087/tcp,               
in-a-box_trafficvault_1_a49fe8a99114                                                0.0.0.0:8098->8098/tcp                
cdn-in-a-box_vnc_1_fbf418f1179c           /bin/sh -c /run.sh               Up       0.0.0.0:5909->5909/tcp    

Once the traffic router starts up, I was able to request demo1 delivery service via HTTPS:

$ mydc exec trafficops /bin/bash -c 'curl -o /dev/null -Lvs https://video.demo1.mycdn.ciab.test/'
* About to connect() to video.demo1.mycdn.ciab.test port 443 (#0)
*   Trying 172.21.0.9...
* Connected to video.demo1.mycdn.ciab.test (172.21.0.9) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* SSL connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
* Server certificate:
* 	subject: CN=*.demo1.mycdn.ciab.test,O=CDN-in-a-Box,L=Denver,ST=Colorado,C=US
* 	start date: Jan 30 18:39:35 2019 GMT
* 	expire date: Jan 30 18:39:35 2020 GMT
* 	common name: *.demo1.mycdn.ciab.test
* 	issuer: E=no-reply@infra.ciab.test,CN=CDN-in-a-Box Intermediate CA,OU=CDN-in-a-Box,O=CDN-in-a-Box,L=Denver,ST=Colorado,C=US
> GET / HTTP/1.1
> User-Agent: curl/7.29.0
> Host: video.demo1.mycdn.ciab.test
> Accept: */*
> 
< HTTP/1.1 302 Found
< Location: https://edge.demo1.mycdn.ciab.test/
< Content-Length: 0
< Date: Wed, 30 Jan 2019 19:28:55 GMT
< 
* Connection #0 to host video.demo1.mycdn.ciab.test left intact
* Issue another request to this URL: 'https://edge.demo1.mycdn.ciab.test/'
* About to connect() to edge.demo1.mycdn.ciab.test port 443 (#1)
*   Trying 172.21.0.13...
* Connected to edge.demo1.mycdn.ciab.test (172.21.0.13) port 443 (#1)
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* SSL connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
* Server certificate:
* 	subject: CN=*.demo1.mycdn.ciab.test,O=CDN-in-a-Box,L=Denver,ST=Colorado,C=US
* 	start date: Jan 30 18:39:35 2019 GMT
* 	expire date: Jan 30 18:39:35 2020 GMT
* 	common name: *.demo1.mycdn.ciab.test
* 	issuer: E=no-reply@infra.ciab.test,CN=CDN-in-a-Box Intermediate CA,OU=CDN-in-a-Box,O=CDN-in-a-Box,L=Denver,ST=Colorado,C=US
> GET / HTTP/1.1
> User-Agent: curl/7.29.0
> Host: edge.demo1.mycdn.ciab.test
> Accept: */*
> 
< HTTP/1.1 200 OK
< Content-Type: text/html
< Accept-Ranges: bytes
< ETag: "3812539862"
< Last-Modified: Thu, 10 Jan 2019 22:53:33 GMT
< Cache-Control: public, max-age=300
< Access-Control-Allow-Origin: *
< Access-Control-Allow-Headers: Accept, Origin, Content-Type
< Access-Control-Allow-Methods: GET, POST, PUT, OPTIONS
< Content-Length: 1881
< Date: Wed, 30 Jan 2019 19:28:54 GMT
< Server: ATS/7.1.4
< Age: 1
< Via: http/1.1 mid.infra.ciab.test (ApacheTrafficServer/7.1.4 [uScMsSfWpSeN:t cCMi p sS]), http/1.1 edge.infra.ciab.test (ApacheTrafficServer/7.1.4 [uScMsSfWpSeN:t cCMi pSs ])
< Connection: keep-alive
< 
{ [data not shown]
* Connection #1 to host edge.demo1.mycdn.ciab.test left intact

Adds a separate docker-compose yml file to expose service ports,
and removes exposing ports from the default docker-compose.yml.

This allows multiple CiaB to run on the same host, as well as allowing
running a CiaB on a host already using a port, while allowing the
old behavior of exposing by chaining composes, via:

docker-compose \
-f docker-compose.yml \
-f docker-compose.expose-ports.yml \
up

rob05c force-pushed the add-ciab-expose-ports-compose branch from aebaf96 to 091cd3f January 30, 2019 19:40
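
Added example (not part of the pull request or of any comment in this thread): a shell check for the verification steps described above. It lists which host ports a `docker-compose ps` table shows as published and confirms that the base compose file alone publishes none. The function names and both sample tables are constructed here; the base-only table is an assumption about what the output looks like without the expose-ports override.

```shell
#!/bin/sh
# Added example: audit which host ports a CiaB stack publishes, reading
# `docker-compose ps` text on stdin. Function names are hypothetical.

# Print "bind_addr host_port container_port/proto" for each published port.
# Matches the mapping token itself, so wrapped table rows still parse and
# unpublished entries such as "53/udp" are ignored.
published_ports() {
    grep -oE '(([0-9]{1,3}\.){3}[0-9]{1,3}|::):[0-9]+->[0-9]+/(tcp|udp)' |
        sed -E 's/^(.*):([0-9]+)->(.*)$/\1 \2 \3/' | LC_ALL=C sort -u
}

# Host ports bound to every interface (0.0.0.0, or :: for IPv6).
wildcard_ports() {
    published_ports | awk '$1 == "0.0.0.0" || $1 == "::" { print $2 }'
}

# Succeed only when nothing at all is published on the host.
check_no_published() {
    found=$(published_ports)
    [ -z "$found" ] && return 0
    printf 'published on host:\n%s\n' "$found" >&2
    return 1
}

# Constructed sample: rows in the shape of the `mydc ps` table above, with the
# expose-ports override chained in (includes a wrapped trafficrouter row).
sample_with_override() {
cat <<'EOF'
cdn-in-a-box_db_1    docker-entrypoint.sh postgres   Up   0.0.0.0:5432->5432/tcp
cdn-in-a-box_dns_1   /sbin/entrypoint.sh /usr/s ...  Up   0.0.0.0:9353->53/tcp, 53/udp
cdn-                 /bin/sh -c /run.sh              Up   0.0.0.0:3333->3333/tcp,
in-a-box_trafficrouter_1                                  0.0.0.0:3443->443/tcp
EOF
}

# Constructed sample (assumed shape): docker-compose.yml alone, where container
# ports are listed but nothing is bound on the host.
sample_base_only() {
cat <<'EOF'
cdn-in-a-box_db_1    docker-entrypoint.sh postgres   Up   5432/tcp
cdn-in-a-box_dns_1   /sbin/entrypoint.sh /usr/s ...  Up   53/tcp, 53/udp
EOF
}

sample_with_override | wildcard_ports
sample_base_only | check_no_published && echo "base compose: no host ports published"
```

Against a running stack, pipe `docker-compose -f docker-compose.yml ps` into `check_no_published`; a mapping bound to 127.0.0.1 still counts as published but is not listed by `wildcard_ports`.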

asfgit commented Jan 30, 2019

Refer to this link for build results (access rights to CI server needed):
https://builds.apache.org/job/trafficcontrol-PR/3132/
Test PASSed.

asfgit commented Jan 30, 2019

Refer to this link for build results (access rights to CI server needed):
https://builds.apache.org/job/trafficcontrol-PR/3133/
Test PASSed.

@dangogh dangogh left a comment

Going with @JBevillC's approval. Not any direct effect on functionality of ATC as used in production, only making CIAB more flexible.

@dangogh dangogh self-assigned this Jan 31, 2019
@dangogh dangogh merged commit c1daab3 into apache:master Jan 31, 2019